• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Blocking file access within KAUTH
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blocking file access within KAUTH

  • Subject: Re: Blocking file access within KAUTH
  • From: "Damir Dezeljin" <email@hidden>
  • Date: Sun, 25 Nov 2007 09:30:22 +0100
Terry, Michael: thanks, your posts were really helpful even if my mail was hard to understand -> was writing just before going to bed :)

Anyway I'll try to clarify my use case a bit better:
Lets say I'm implementing a virus scanner and I want performing some actions only when (before) the file data is being accessed. So, ideally I would skip all directory listing or chmod-s, renames and other operations not requiring file data. As I understood it is not possible to distinguish between all such operations, but I have to deal with VNODE action bit mask and do my decision depending on results (well, first I have to check if the VNODE is a file ...). As far as good -> I'm going to do some more testing and I guess I'll return with additional questions later on.

BTW: I don't really care about the path I get from the VNODE. The only important thing is I will be able to open the resolved path in user space and scan the file. Depending on results, I'll block the file access. I'm concerned about performance and results of my approach for cases Michael described:
----
there isn't an operation actually in progress, but someone wants to
know whether it would be permitted.  You may want to ignore operations
with this bit set for performance reasons, but be aware that it may
give odd results.
----


I some not directly related questions to the subject:
- I have just one MAC available right now. I'm using it for developing and testing too. This makes it hard tracking down kernel (my KEXT) deadlocks as I had to reset it lot of times already :)
I'm wondering if it is possible to debug the kernel remotely using a Linux / Windows box?
Or is it possible to run Darwin on a normal PC (not MAC) - I'm pretty sure it is, but I don't know if it is possible compiling or just loading KEXT-s on such installations.

- I'm still confused by means for obtaining certain functions documentations. E.g. I used sources as well, list posts and a PDF to understand what msleep() actually do. Is there anything I could install to get 'man msleep' working :) ?


Thanks,
Damir 
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Blocking file access within KAUTH
      • From: Michael Smith <email@hidden>
    • Re: Blocking file access within KAUTH
      • From: Terry Lambert <email@hidden>
    • Re: Blocking file access within KAUTH
      • From: "Damir Dezeljin" <email@hidden>
References: 
 >Blocking file access within KAUTH (From: "Damir Dezeljin" <email@hidden>)
 >Re: Blocking file access within KAUTH (From: Michael Smith <email@hidden>)

  • Prev by Date: Re: Blocking file access within KAUTH
  • Next by Date: Re: Blocking file access within KAUTH
  • Previous by thread: Re: Blocking file access within KAUTH
  • Next by thread: Re: Blocking file access within KAUTH
  • Index(es):
    • Date
    • Thread